» 2021 » 11월

CVE-2021-3802

Posted on 2021년 11월 30일2021년 11월 30일 by admin

CVE-2021-3802

A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.

Source: CVE-2021-3802

CVE-2021-43692

Posted on 2021년 11월 30일2021년 11월 30일 by admin

CVE-2021-43692

An unspecified version of youtube-php-mirroring is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.

Source: CVE-2021-43692

CVE-2021-43693

Posted on 2021년 11월 30일2021년 11월 30일 by admin

CVE-2021-43693

vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.

Source: CVE-2021-43693

CVE-2021-43695

Posted on 2021년 11월 29일2021년 11월 30일 by admin

CVE-2021-43695

An unspecified version of issabelPBX is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability.

Source: CVE-2021-43695

CVE-2021-43697

Posted on 2021년 11월 29일2021년 11월 30일 by admin

CVE-2021-43697

An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C(‘VAR_JSONP_HANDLER’)] then there is a XSS vulnerability.

Source: CVE-2021-43697

CVE-2021-43696

Posted on 2021년 11월 29일2021년 11월 30일 by admin

CVE-2021-43696

An unspecified version of twmap is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability.

Source: CVE-2021-43696

CVE-2021-43698

Posted on 2021년 11월 29일2021년 11월 29일 by admin

CVE-2021-43698

An unspecified version of phpWhois is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET[‘query’] then there is a XSS vulnerability.

Source: CVE-2021-43698

CVE-2021-24927

Posted on 2021년 11월 29일2021년 11월 29일 by admin

CVE-2021-24927

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Source: CVE-2021-24927

CVE-2021-24918

Posted on 2021년 11월 29일2021년 11월 29일 by admin

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin’s setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

Source: CVE-2021-24918

CVE-2021-24768

Posted on 2021년 11월 29일2021년 11월 29일 by admin

CVE-2021-24768

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

Source: CVE-2021-24768